Copyright © 2016 Splunk, Inc.
Elevate your Splunk Deployment by Better Understanding your Value
David Caradonna
Director, Global Business Value Consulting
dcaradonna@splunk.com
March, 2016
Today’s Presentation
1 Business Value at Splunk
2 Top Use Cases and Data Sources
3 Data Source Assessment Tool
4 Summary / Q&A
Business Value Consulting at Splunk
Maximize benefits gained from machine data by prescribing enterprise value plans that directly support our customer’s corporate objectives and enable broader impact across their business.
• Should Splunk be a priority?
• How much value can be realized?
• Which data should be indexed?
• What’s the investment and ROI?
• Can Cloud be less expensive?
• How is Splunk currently utilized?
• How much value has been realized?
• More value to be realized with current data?
• Who else can benefit from this data?
• When and how to establish a Splunk COE?
Servicing Customers for 3 Years | 700+ Engagements Worldwide
Splunk should not be a Hidden Gem
“I was never able to do this before!”
“What business value do I get?”
“I can search Syslog way faster now!”
Today’s Focus
Based on FY16Q3 activity
• Security, Compliance, and Fraud
• Business Analytics
• Industrial Data and the Internet of Things
• IT Operations
• Application Delivery
Common Value Drivers | Common Data Sources
IT Operational Analytics (ITOA)
An overview of Splunk efficiencies and Most Common Data Sources as reported by Splunk Customers
IT Operations: NOC, Server, Storage, Network Admins, DBA, Middleware, Application Support Teams
TOP 4 Use Cases for ITOA
Process stages: Event Mgmt | Incident Mgmt | Problem Mgmt
Before Splunk:
• Failure detection: customer often informs IT
• Incident Triage: all hands on deck, taking up 30 to 40 minutes
• Incident Troubleshooting: lengthy log analysis done manually
• Root Cause Analysis: up to 30% unknown root causes, causing incidents to recur
• Service Restoration: fix is implemented
With Splunk:
• #1 Better detection: customer is notified by IT
• #2 Faster triage, often conducted by 1st level staff without all hands on deck
• #3 Faster investigation (MTTI) through rapid log search and correlation conducted in conjunction by different teams (everyone looks at the same data)
• #4 Faster and more comprehensive root cause analysis, helping to reduce incident recurrence
• Service Restoration: fix is implemented
Benchmarking Splunk Customer Success: IT Operations Analytics (ITOA)
Documented through 700+ engagements worldwide
• 15-45% reduction in high priority incidents
• 70-90% reduction in incident investigation time
• 67-82% reduction in business impact
• 5-20% increase in infrastructure capacity utilization
Customer Feedback:
• “Reduced Sev1 and Sev2 incidents by 43%”
• “Reduced MTTR by 95% and reduced escalations by 50%”
• “Improved API performance by 50%, reducing need for infrastructure upgrades and increasing user satisfaction”
Common Data Sources: IT Operations Analytics (ITOA)
Documented through 700+ engagements worldwide
Network, Server & Storage
• SNMP
• DHCP
• Firewall
• Load Balancer
• Network Switches
• Network Routers (cisco_cdr, cisco:asa, cisco_syslog, clavister)
• Netflow
• Proxies
• OS Logs (ntsyslog, snare, dhcpd, linux_secure, aix_secure, osx_secure, syslog, PERFMON:CPUTime, PERFMON:FreeDiskSpace, Win:Event, etc.)
• VMWare server logs
• AWS Logs (CloudTrail, CloudWatch, Config, S3, etc.)
• MS Azure Logs (WADEventLogs, WADPerformanceCounter, WADDiagnostInfrastructure, etc.)
• Backup logs
• Storage logs
Middleware & Database
• Java – J2EE (log4J, JMS, MQ, TibcoEMS, HornetQ, RabbitMQ, Native JMS, Weblogic JMS, etc.)
• Middleware (Tibco, Software AG etc.)
• Web Server (access_combined, access_combined_wcookie, access_common, apache_error, iis, nginx, etc.)
• Application Server (log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, etc.)
• Mobile Devices
• Database error logs
Application
• Application Error Logs
• Application Performance and Usage Logs
• Application Authentication Logs
• Business Process Logs (Payments status, batch upload status, customer order status, etc.)
• Mail Server Logs
Application Delivery
An overview of Splunk efficiencies and Most Common Data Sources as reported by Splunk Customers
Developers, Testers, Project Managers AND DBAs, Middleware, Application Support Teams
TOP 6 Use Cases for Application Delivery (typical SDLC)
• #1 Faster test failure analysis for functional, performance and security test runs through analysis of test logs
• #2 Faster pre-production defect remediation through improved investigation of root causes
• #3 Fewer escalations to developers from fewer production outages means developers are more focused on innovating the business
• #4 Faster delivery of dashboards that provide real-time visibility across all technology layers involved in processing business service transactions, so bottlenecks can be swiftly identified and addressed
• #5 Faster Mean Time to Market on key projects through faster test failure analysis and defect remediation
• #6 Increased release value through improved visibility on feature efficiency patterns in order to better assess needs for future releases
Benchmarking Splunk Customer Success: Application Delivery
Documented through 700+ engagements worldwide
• 80-90% faster development of reports and dashboards
• 70-90% reduction in time for QA test failure analysis
• 70-90% reduction in time for pre-prod defect investigation
• 10-50% improvement in time to market
Customer Feedback:
• “Shortened development cycles by 30%”
• “Reduced reporting time by 88%”
• “Increased release cycles by 8x with no additional staff”
Common Data Sources: Application Delivery
Documented through 700+ engagements worldwide
Middleware & Database
• Java – J2EE (log4J, JMS, MQ, TibcoEMS, HornetQ, RabbitMQ, Native JMS, Weblogic JMS, etc.)
• Middleware (Tibco, Software AG etc.)
• Web Server (access_combined, access_combined_wcookie, access_common, apache_error, iis, nginx, etc.)
• Application Server (log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, etc.)
• Mobile Devices
• Database error logs
SDLC
• Performance Test Logs
• Functional Test Logs
• Security Test Logs
• Debug Logs
• Release Error Logs
• Code Management Logs
Application
• Apache Web Logs
• Application Error Logs
• Application Performance Logs
• Application Authentication Logs
• Business Process Logs (Payments status, batch upload status, customer order status, etc.)
• Mail Server Logs
Security, Compliance and Fraud
An overview of Splunk efficiencies and Most Common Data Sources as reported by Splunk Customers
Security Analysts, SOC, Compliance, Audit, Fraud teams
TOP 4 Use Cases for Security & Compliance
Stages: Assess Risk | Deep Analysis | Monitor Controls | Audit & Comply
• #1 Faster 1st level triage on ALL security attacks with fewer resources, as opposed to reviewing only a subset of attacks
• #2 Faster deep dive investigation on security incidents that require further proactive and reactive analysis
• #3 Faster implementation of critical security controls (ex: CIS Top 20) across ALL layers of the organization, ultimately resulting in full enterprise visibility and a reduction in risks
• #4 Continuous compliance on ALL components and policies, resulting in faster and simpler audits
Threat categories: Web Threats | Mobile & IOT Vulnerabilities | Scams & Social Media | Targeted Attacks | Data Breaches | E-Crime & Malware
Benchmarking Splunk Customer Success: Security, Compliance & Fraud
Documented through 700+ engagements worldwide
• 70-90% faster detection and triage of security events
• 70-90% faster investigation of security incidents
• 70-90% reduction in compliance reporting time
• 10-50% reduction in risk of data breach, IP theft, fraud
Customer Feedback:
• “Reduced effort on security staff tasks saving more than $500,000 per year”
• “Reduced fraud & abuse by 50% converting fraudulent users to paying customers”
• “Reduced compliance reporting time by over 80% for SOX, SAS-70 and PCI” (a SaaS company)
Common Data Sources: Security, Compliance & Fraud
Documented through 700+ engagements worldwide
Network, Server & Storage
• SNMP
• Wire Data
• DHCP
• Firewall
• FTP Logs
• IDS Logs
• Network Access Control
• File access control
• Network Switches
• Network Routers
• Wireless Network logs
• Netflow
• Proxies
• OS Logs (ntsyslog, snare, dhcpd, linux_secure, aix_secure, osx_secure, syslog, Win:Event, etc.)
• Patch Logs
• VMWare server logs
• AWS Logs (CloudTrail, CloudWatch, Config, etc.)
• Storage logs
Middleware & Database
• Java – J2EE (log4J, JMS, MQ, TibcoEMS, HornetQ, RabbitMQ, Native JMS, Weblogic JMS, etc.)
• Middleware (Tibco, Software AG etc.)
• Web Server (access_combined, access_combined_wcookie, access_common, apache_error, iis, nginx, etc.)
• Application Server (log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, etc.)
• Database error logs
Application & User
• Malware protection logs
• Endpoint activity
• Application Error Logs
• App. Authentication Logs
• Vulnerability Scanning
• Mail Server Logs
• Active Directory
• LDAP, VPN
• SDLC Security Test Logs
• Mobile Devices
• Physical Card Reader Logs
Other
• Threat Lists
• OS Blacklist
• IP blacklists
• Restricted ports and protocols
• Vulnerability Lists
• Social Media Feeds
• Training Logs
Splunk Security & Compliance Best Practices
Refer to the Splunk SANS 20 whitepaper for detailed use cases and examples of how customers use Splunk to achieve the anticipated improvements with:
• Faster Detection of Security Events
• Faster Research and Investigation
• Reduced Risks with Data Breach and Fraud
New release coming out soon: Mapping Splunk Software to the CIS 20 CSC Version 6.0
Recap on Top Value Use Cases
IT Operations
• Proactive Monitoring
• Faster Incident Investigation
• More Comprehensive Root Cause Analysis
• Fewer Incidents
• Better Capacity Planning
Application Delivery
• Faster Test Failure Analysis
• Faster Pre-Production Defect Investigation
• Fewer Prod Escalations
• Faster Report Development
• Faster Time to Market
• Increased Visibility
Security, Compliance, and Fraud
• Faster Triage of Events
• Faster Incident Investigation
• Improved Compliance
• Risk Mitigation with Data Breach, IP Theft, Fraud
How can I gain the most value from all this data…?
To answer that, look at three dimensions: Groups, Use Cases and Data.
Data: What data exists in my environment? How much of it is indexed? How does my data overlap across different groups? How much of it is already indexed?
Use Cases (more use cases = more value from your current data): Are my current users benefiting from all the possible use cases? What else could they be doing?
Groups: Can other groups leverage the data already indexed? How could they benefit from this data?
Data Source Assessment Tool
Data Sources + Use Cases + Groups
Data Source Mapping
• List of 50+ data sources
• Mapping against high level groups: IT Ops, App Support, App Dev, Security, Compliance, Fraud
• Mapping can be customized to reflect different environments
Legend: [marker] indicates PRIMARY Data Source for the group; [marker] indicates SECONDARY Data Source for the group
Data Source Sizing
From an Inventory of Data Sources, identify the ones that apply to your environment, then:
1. Estimate their daily size (ex: GB/day for an average Active Directory)
2. Estimate the total number (ex: how many Active Directories)
3. Estimate the % already indexed
Splunk SEs can help you, and Splunk queries are available to help you complete the input.
Data Summary
A summary of data sources organized by group (IT Ops, App Support, App Delivery, Security, …)
Provides the % of data sources indexed that are applicable to your environment
Indicates the overlap factors with other groups
Drill down to see your list of data sources indexed/not indexed
Data Sources → Use Cases
Common Splunk Use Cases: % PRIMARY and SECONDARY Data Sources Indexed
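One way to carry the sizing steps, the Data Summary and the use-case coverage view above into code (an added example, not the deck's XLS tool): the group mapping, the inventory figures, the coverage metric (mean % indexed over a group's applicable sources at a tier) and the overlap factor definition are all constructed assumptions. It also ranks each group's partially indexed sources by unindexed GB/day, so a security team can see which detection-relevant sources it is still missing.

```python
from dataclasses import dataclass

PRIMARY, SECONDARY = "PRIMARY", "SECONDARY"

# Constructed mapping of data sources to groups (a hypothetical subset of the
# deck's 50+ source list; tiers per group are illustrative, not Splunk's own).
MAPPING = {
    "Firewall":               {"Security": PRIMARY, "IT Ops": SECONDARY},
    "OS Logs":                {"IT Ops": PRIMARY, "Security": PRIMARY, "App Support": SECONDARY},
    "Web Server":             {"App Support": PRIMARY, "IT Ops": SECONDARY, "Security": SECONDARY},
    "Active Directory":       {"Security": PRIMARY, "Compliance": PRIMARY},
    "IDS Logs":               {"Security": PRIMARY},
    "Application Error Logs": {"App Support": PRIMARY, "App Dev": PRIMARY},
    "Functional Test Logs":   {"App Dev": PRIMARY},
    "AWS CloudTrail":         {"Security": PRIMARY, "Compliance": SECONDARY, "IT Ops": SECONDARY},
}


@dataclass(frozen=True)
class SourceEstimate:
    """One row of the sizing input: steps 1-3 of the deck's worksheet."""
    name: str
    gb_per_day_each: float  # step 1: GB/day for an average instance
    count: int              # step 2: how many instances exist
    pct_indexed: float      # step 3: % of that volume already indexed (0-100)

    def total_gb_per_day(self) -> float:
        return self.gb_per_day_each * self.count

    def unindexed_gb_per_day(self) -> float:
        return self.total_gb_per_day() * (1 - self.pct_indexed / 100)


# Constructed inventory: only sources present in the environment are listed,
# so "Functional Test Logs" (mapped above) is treated as not applicable.
INVENTORY = {
    s.name: s for s in [
        SourceEstimate("Firewall", 5.0, 2, 100),
        SourceEstimate("OS Logs", 0.5, 200, 40),
        SourceEstimate("Web Server", 2.0, 10, 100),
        SourceEstimate("Active Directory", 3.0, 2, 0),
        SourceEstimate("IDS Logs", 4.0, 1, 50),
        SourceEstimate("Application Error Logs", 1.0, 15, 80),
        SourceEstimate("AWS CloudTrail", 0.2, 3, 0),
    ]
}


def applicable_sources(group, tier=None, mapping=MAPPING, inventory=INVENTORY):
    """Sources mapped to `group` (optionally at one tier) that exist in the environment."""
    return [inventory[name] for name, tiers in mapping.items()
            if name in inventory and group in tiers
            and (tier is None or tiers[group] == tier)]


def coverage_pct(group, tier, mapping=MAPPING, inventory=INVENTORY):
    """Assumed metric: mean % indexed over the group's applicable sources at `tier`;
    None when the group has no applicable source at that tier."""
    rows = applicable_sources(group, tier, mapping, inventory)
    if not rows:
        return None
    return sum(r.pct_indexed for r in rows) / len(rows)


def overlap_factor(group, other, mapping=MAPPING, inventory=INVENTORY):
    """Share of `group`'s applicable sources that are also mapped (any tier) to `other`."""
    rows = applicable_sources(group, None, mapping, inventory)
    if not rows:
        return None
    shared = sum(1 for r in rows if other in mapping[r.name])
    return shared / len(rows)


def indexing_gaps(group, mapping=MAPPING, inventory=INVENTORY):
    """Applicable sources not fully indexed, largest unindexed daily volume first:
    the drill-down the deck describes, ordered so the biggest visibility gap comes first."""
    rows = [r for r in applicable_sources(group, None, mapping, inventory)
            if r.pct_indexed < 100]
    rows.sort(key=lambda r: r.unindexed_gb_per_day(), reverse=True)
    return [(r.name, mapping[r.name][group], round(r.unindexed_gb_per_day(), 3))
            for r in rows]


def unindexed_gb_per_day(group, mapping=MAPPING, inventory=INVENTORY):
    """Total daily volume the group is not yet seeing in Splunk."""
    return sum(gb for _, _, gb in indexing_gaps(group, mapping, inventory))


if __name__ == "__main__":
    for g in ("Security", "IT Ops", "App Dev"):
        print(f"{g}: PRIMARY {coverage_pct(g, PRIMARY)}% / "
              f"SECONDARY {coverage_pct(g, SECONDARY)}% indexed")
    print("Security gaps:", indexing_gaps("Security"))
    print("IT Ops -> Security overlap:", overlap_factor("IT Ops", "Security"))
```

With these constructed figures the IT Ops to Security overlap is 1.0: everything IT Ops already indexes is also a Security source, which is the kind of cross-group reuse the Data Summary is meant to surface.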
What’s Next?
Making the tool more granular
Mapping data sources by team
XLS is available for all of you
Creating a community of adopters
Contact us: value@splunk.com
Questions?
Thank you!

Elevate your Splunk Deployment by Better Understanding your Value Breakfast Session

  • 1. Copyright © 2016 Splunk, Inc. Elevate your Splunk Deployment by Better Understanding your Value David Caradonna Director, Global Business Value Consulting dcaradonna@splunk.com March, 2016
  • 2. Copyright © 2016 Splunk, Inc. 2 Top Use Cases and Data Sources 3 Data Source Assessment Tool 4 Summary / Q&A 1 Business Value at Splunk Today’s Presentation
  • 3. Copyright © 2016 Splunk, Inc. Maximize benefits gained from machine data by prescribing enterprise value plans that directly support our customer’s corporate objectives and enable broader impact across their business Business Value Consulting at Splunk • Should Splunk be a priority? • How much value can be realize? • Which data should be indexed? • What’s the investment and ROI? • Can Cloud be less expensive? • How is Splunk currently utilized? • How much value has been realized? • More value to be realized with current data? • Who else can benefit from this data? • When and how to establish a Splunk COE? Servicing Customers for 3 Years | 700+ Engagements Worldwide
  • 4. Copyright © 2016 Splunk, Inc. Splunk should not be a Hidden Gem 4 I was never able to do this before! What business value do I get? I can search Syslog way faster now!
  • 5. Copyright © 2016 Splunk, Inc. Today’s Focus Based on FY16Q3 activity Security, Compliance, and Fraud Business Analytics Industrial Data and the Internet of Things IT Operations Application Delivery Common Value Drivers | Common Data Sources
  • 6. Copyright © 2016 Splunk, Inc. IT Operational Analytics (ITOA) An overview of Splunk efficiencies and Most Common Data Sources as reported by Splunk Customers IT Operations NOC, Server, Storage, Network Admins, DBA, Middleware, Application Support Teams
  • 7. Copyright © 2016 Splunk, Inc. TOP 4 Use Cases for ITOA Root Cause Analysis Up to 30% unknown root causes, causing incidents to recur Incident Troubleshooting Lengthy log analysis done manual Incident Triage All hands on deck, taking up 30 to 40 minutes Failure detection Customer often informs IT Before Splunk Service Restoration Fix is implemented #4 Faster and more comprehensive root cause analysis helping to reduce incident recurrence #3 Faster investigation (MTTI) through rapid log search and correlation conducted in conjunction by different teams (everyone looks at the same data) #2 Faster triage often conducted by 1st level staff without all hands on deck #1 Better detection customer is notified by IT With Splunk Fix is implemented Event Mgmt Incident Mgmt Problem Mgmt
  • 8. Copyright © 2016 Splunk, Inc. Benchmarking Splunk Customer Success Documented through 700+ engagements worldwide Reduced Sev1 and Sev2 incidents by 43% Reduced MTTR by 95% and reduce escalations by 50% Improved API performance by 50% reducing need for infrastructure upgrades and increasing user satisfaction 15-45% reduction in high priority incidents 70-90% reduction in incident investigation time 67-82% reduction in business impact 5-20% increase in infrastructure capacity utilization Customer Feedback IT Operations Analytics (ITOA)
  • 9. Copyright © 2016 Splunk, Inc. Network Server & Storage • SNMP • DHCP • Firewall • Load Balancer • Network Switches • Network Routers (cisco_cdr, cisco:asa, cisco_syslog, clavister) • Netflow • Proxies Application • OS Logs (ntsyslog, snare, dhcpd, linux_secure, aix_secure, osx_secure, syslog, PERFMON:CPUTime, PERFMON:FreeDiskSpace, Win:Event, etc.) • VMWare server logs • AWS Logs (CloudTrail, CloudWatch, Config, S3, etc.) • MS Azure Logs (WADEventLogs, WADPerformanceCounter, WADDiagnostInfrastructure, etc.) • Backup logs • Storage logs Common Data Sources Documented through 700+ engagements worldwide Middleware & Database • Java – J2EE (log4J, JMS, MQ, TibcoEMS, HornetQ, RabbitMQ, Native JMS, Weblogic JMS, etc.) • Middleware (Tibco, Software AG etc.) • Web Server (access_combined, access_combined_wcookie, access_common, apache_error, iis, nginx, etc.) • Application Server (log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, etc.) • Mobile Devices • Database error logs • Application Error Logs • Application Performance and Usage Logs • Application Authentication Logs • Business Process Logs (Payments status, batch upload status, customer order status, etc.) • Mail Server Logs IT Operations Analytics (ITOA)
  • 10. Copyright © 2016 Splunk, Inc. Application Delivery Application Delivery An overview of Splunk efficiencies and Most Common Data Sources as reported by Splunk Customers Developers, Testers, Project Managers AND DBAs, Middleware, Application Support Teams
  • 11. Copyright © 2016 Splunk, Inc. TOP 6 Use Cases for Application Delivery typical SDLC #4 Faster delivery of dashboards provide real-time visibility across all technology layers involved in processing business service transactions so bottlenecks can be swiftly identified and addressed #5 Faster Mean Time to Market on key projects through faster test failure analysis and defect remediation #6 Increased release value through improved visibility on feature efficiency patterns in order to better assess needs for future releases #2 Faster pre-production defect remediation through improved investigation of root causes #1 Faster test failure analysis for functional, performance and security test runs through analysis of test logs #3 Fewer escalations to developers from fewer production outages means developers are more focused on innovating the business
  • 12. Copyright © 2016 Splunk, Inc. Benchmarking Splunk Customer Success Documented through 700+ engagements worldwide Application Delivery Shortened development cycles by 30% Reduced reporting time by 88% Increased release cycles by 8x with no additional staff Customer Feedback 80-90% faster development of reports and dashboards 70-90% reduction in time for QA test failure analysis 70-90% reduction in time for pre-prod defect investigation 10-50% improvement in time to market
  • 13. Copyright © 2016 Splunk, Inc. SDLC Application Delivery Common Data Sources Documented through 700+ engagements worldwide Middleware & Database • Java – J2EE (log4J, JMS, MQ, TibcoEMS, HornetQ, RabbitMQ, Native JMS, Weblogic JMS, etc.) • Middleware (Tibco, Software AG etc.) • Web Server (access_combined, access_combined_wcookie, access_common, apache_error, iis, nginx, etc.) • Application Server (log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, etc.) • Mobile Devices • Database error logs • Performance Test Logs • Functional Test Logs • Security Test Logs • Debug Logs • Release Error Logs • Code Management Logs Application • Apache Web Logs • Application Error Logs • Application Performance Logs • Application Authentication Logs • Business Process Logs (Payments status, batch upload status, customer order status, etc.) • Mail Server Logs
  • 14. Copyright © 2016 Splunk, Inc. Security, Compliance and Fraud Security, Compliance, and Fraud An overview of Splunk efficiencies and Most Common Data Sources as reported by Splunk Customers Security Analysts, SOC, Compliance, Audit, Fraud teams
  • 15. Copyright © 2016 Splunk, Inc. Assess Risk Deep Analysis Monitor Controls Audit & Comply TOP 4 Use Cases for Security & Compliance #4 Continuous compliance on ALL components and policies resulting in faster and simpler audits #3 Faster implementation of critical security controls (ex: CIS Top 20) across ALL layers of the organization, ultimately resulting in full enterprise visibility and a reduction in risks #2 Faster deep dive investigation on security incidents that require further proactive and reactive analysis #1 Faster 1st level triage on ALL security attacks with less resources as opposed to reviewing only a subset of attacks Web Threats Mobile & IOT Vulnerabilities Scams & Social Media Targeted Attacks Data Breaches E-Crime & Malware
  • 16. Copyright © 2016 Splunk, Inc. Security, Compliance & Fraud 70-90% faster detection and triage of security events 70-90% faster investigation of security incidents 70-90% reduction in compliance reporting time 10-50% reduction in risk of data breach, IP theft, fraud Customer Feedback Benchmarking Splunk Customer Success Documented through 700+ engagements worldwide Reduced effort on security staff tasks saving more than $500,000 per year Reduced fraud & abuse by 50% converting fraudulent users to paying customers Reduced compliance reporting time by over 80% for SOX, SAS-70 and PCI a SaaS company
  • 17. Copyright © 2016 Splunk, Inc. Security, Compliance & Fraud Common Data Sources Documented through 700+ engagements worldwide Network, Server & Storage • SNMP • Wire Data • DHCP • Firewall • FTP Logs • IDS Logs • Network Access Control • File access control • Network Switches • Network Routers Application & User • Wireless Network logs • Netflow • Proxies • OS Logs (ntsyslog, snare, dhcpd, linux_secure, aix_secure, osx_secure, syslog, Win:Event, etc.) • Patch Logs • VMWare server logs • AWS Logs (CloudTrail, CloudWatch, Config, etc.) • Storage logs Middleware & Database • Java – J2EE (log4J, JMS, MQ, TibcoEMS, HornetQ, RabbitMQ, Native JMS, Weblogic JMS, etc.) • Middleware (Tibco, Software AG etc.) • Web Server (access_combined, access_combined_wcookie, access_common, apache_error, iis, nginx, etc.) • Application Server (log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, etc.) • Database error logs • Malware protection logs • Endpoint activity • Application Error Logs • App. Authentication Logs • Vulnerability Scanning • Mail Server Logs • Active Directory • LDAP, VPN • SDLC Security Test Logs • Mobile Devices • Physical Card Reader Logs Other • Threat Lists • OS Blacklist • IP blacklists • Restricted ports and protocols • Vulnerability Lists • Social Media Feeds • Training Logs
  • 18. Splunk Security & Compliance Best Practices: refer to the Splunk SANS 20 whitepaper for detailed use cases and examples of how customers use Splunk to achieve the anticipated improvements with: Faster Detection of Security Events; Faster Research and Investigation; Reduced Risks with Data Breach and Fraud. New release coming out soon: Mapping Splunk Software to the CIS 20 CSC Version 6.0
  • 19. Recap on Top Value Use Cases
    • IT Operations: Proactive Monitoring; Faster Incident Investigation; More Comprehensive Root Cause Analysis; Fewer Incidents; Better Capacity Planning
    • Application Delivery: Faster Test Failure Analysis; Faster Pre-Production Defect Investigation; Fewer Prod Escalations; Faster Report Development; Faster Time to Market; Increased Visibility
    • Security, Compliance, and Fraud: Faster Triage of Events; Faster Incident Investigation; Improved Compliance; Risk Mitigation with Data Breach, IP Theft, Fraud
  • 20. How can I gain the most value from all this data…?
  • 21. To answer that… three dimensions: Groups, Use Cases, Data
    • Data: What data exists in my environment? How much of it is indexed?
    • Groups: How does my data overlap across different groups? How much of it is already indexed? Can other groups leverage the data already indexed? How could they benefit from this data?
    • Use Cases: Are my current users benefiting from all the possible use cases? What else could they be doing? More use cases = more value from your current data
  • 22. Data Source Assessment Tool: Data Sources + Use Cases + Groups
  • 23. Data Source Mapping
    • List of 50+ data sources
    • Mapping against high-level groups: IT Ops, App Support, App Dev, Security, Compliance, Fraud
    • Mapping can be customized to reflect different environments
    • Each cell indicates a PRIMARY or SECONDARY data source for the group
  • 24. Data Source Sizing: from an inventory of data sources, identify the ones that apply to your environment, then:
    • 1. Estimate their daily size (ex: GB/day for an average Active Directory)
    • 2. Estimate the total number (ex: how many Active Directories)
    • 3. Estimate the % already indexed
    • Splunk SEs can help you; Splunk queries are available to help you complete the input
  • 25. Data Summary
    • A summary of data sources organized by group (IT Ops, App Support, App Delivery, Security, …)
    • Provides the % of data sources indexed among those applicable to your environment
    • Indicates the overlap factors with other groups
    • Drill down to see your list of data sources indexed / not indexed
  • 26. Data Sources → Use Cases: Common Splunk Use Cases; % of PRIMARY and SECONDARY Data Sources Indexed
  • 27. What’s Next?
    • Making the tool more granular
    • Mapping data sources by team
    • XLS is available for all of you
    • Creating a community of adopters
    • Contact us: value@splunk.com
  • 28. Questions? Thank you!
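The arithmetic behind slides 23 to 26 (the primary/secondary mapping, the sizing inputs, the per-group % indexed and the overlap factors), written out as an added illustration. This is not Splunk's assessment XLS: the mapping, the inventory figures and the definition of "overlap factor" (share of one group's applicable sources that another group also uses) are constructed assumptions for the example.

```python
"""Illustrative model of the Data Source Assessment Tool (slides 23-26).
Constructed example, not Splunk's tool; all tables below are assumed."""
from collections import defaultdict

# Assumed mapping (slide 23): data source -> {group: "P" primary / "S" secondary}
MAPPING = {
    "Firewall":         {"Security": "P", "IT Ops": "S"},
    "Active Directory": {"Security": "P", "IT Ops": "P", "Compliance": "S"},
    "Web Server":       {"App Support": "P", "IT Ops": "S", "Security": "S"},
    "AWS CloudTrail":   {"Security": "P", "Compliance": "P"},
    "Card Reader":      {"Security": "S", "Compliance": "P"},
}

# Constructed inventory (slide 24): applies?, GB/day per instance, count, % indexed
INVENTORY = {
    "Firewall":         (True, 2.0, 3, 100),
    "Active Directory": (True, 0.5, 4, 50),
    "Web Server":       (True, 1.5, 10, 0),
    "AWS CloudTrail":   (True, 0.2, 2, 100),
    "Card Reader":      (False, 0.1, 1, 0),   # not present in this environment
}

def daily_volume(inv):
    """Total and already-indexed GB/day across applicable sources (slide 24)."""
    total = indexed = 0.0
    for applies, gb, n, pct in inv.values():
        if applies:
            total += gb * n
            indexed += gb * n * pct / 100
    return total, indexed

def group_summary(mapping, inv):
    """Per group and role: (sources indexed at least partly, applicable sources),
    the figure behind the % PRIMARY / SECONDARY indexed on slides 25-26."""
    out = defaultdict(lambda: {"P": [0, 0], "S": [0, 0]})
    for src, groups in mapping.items():
        applies, _, _, pct = inv[src]
        if not applies:
            continue
        for group, role in groups.items():
            out[group][role][1] += 1
            out[group][role][0] += 1 if pct > 0 else 0
    return {g: {r: tuple(c) for r, c in v.items()} for g, v in out.items()}

def overlap(mapping, inv, a, b):
    """Assumed overlap factor: share of group a's applicable sources also mapped to b."""
    a_srcs = [s for s, g in mapping.items() if a in g and inv[s][0]]
    return sum(b in mapping[s] for s in a_srcs) / len(a_srcs) if a_srcs else 0.0
```

With these inputs only 7.4 of 23.4 GB/day are indexed, every applicable Security primary source is indexed, and three quarters of Security's sources are also IT Ops sources, which is the "who else can benefit from this data" question from slide 21 in numbers.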

Editor's Notes

  • #5: You all know what a great platform Splunk is. So if it’s so great, why does our team exist? Well… Users love Splunk and clearly understand the value it delivers to them operationally, but they struggle with articulating it to their senior management in business terms. This leaves executives asking what THEY get from Splunk. They understand their people love it, but can’t put dollars, euros, yuan, or yen on it easily. The value that Splunk brings to the business is a hidden gem for most executives. When they are able to understand the business value it delivers for them, in most cases it’s priceless.
  • #6: Dave - 2 MINUTES. Another IMPORTANT PATTERN to talk about is this. Amidst the 17 hundred IVAs completed in the past year, 90% of these were focused on IT use cases, and the typical value ranged from $2M to $3M per year. Not bad for doing this on your own! But we also noticed 10% of WEB IVAs also included NON-IT use cases, and when combining IT and NON-IT use cases, the value now goes up to $10M per year. So currently we’re seeing A LOT of data with IT use cases, and A LOT of value with non-IT use cases, so combine the 2 together and you can have LARGER EAA discussions! Now why did only 10% of business cases include non-IT use cases? That’s because we haven’t instrumented our tool to help you do this effectively. But that’s about to change!